VoiceThread Docs / Privacy and Security / Privacy FAQ / Password strength

If your institution uses external authentication, you do not need a local VoiceThread password. Your VoiceThread access is based on your membership in that external system.


Technical Details

Local VoiceThread passwords must be at least 7 alphanumeric characters.

VoiceThread encrypts passwords using the peer-reviewed, industry-standard bcrypt password hashing function with a suitable work factor that balances attacker and defender verification. VoiceThread imposes no practical limit on overall password length or usable character set. VoiceThread generates salts using a cryptographically-secure source.

More technical details are here.

Additionally, VoiceThread will not allow users to set any of the top 1000 most commonly passwords from NIST.

If you would like your institution’s minimum password complexity to be greater than this, please contact support to configure that setting.


Best Practices

Passwords must be at least 7 alphanumeric characters. We also recommend that you include a combination of several optional elements to create a strong password:

  1. A mix of letters and numbers
  2. A mix of upper- and lower-case letters
  3. Symbols
  4. A multi-word phrase